Merge: + DNS, Web: use only secure TLSv1.2 ciphers

Close #1384 Squashed commit of the following: commit cd90abcce573a8e930446ba153565e553e6b81d5 Author: Simon Zolin <s.zolin@adguard.com> Date: Fri Mar 20 19:17:53 2020 +0300 minor commit a1914c5f41425e82cdedc9716bce84470afab65b Merge: 72c53673 c8285c41 Author: Simon Zolin <s.zolin@adguard.com> Date: Fri Mar 20 19:17:21 2020 +0300 Merge remote-tracking branch 'origin/master' into 1384-tls12-ciphers commit 72c536737e0502bb397562ade47aedb9f2ae4494 Author: Simon Zolin <s.zolin@adguard.com> Date: Wed Mar 4 18:16:24 2020 +0300 + DNS, Web: use only secure TLSv1.2 ciphers
2020-03-23 10:23:34 +03:00
parent c8285c41d7
commit 06b3378fd7
5 changed files with 56 additions and 0 deletions
--- a/util/tls.go
+++ b/util/tls.go
@@ -1,12 +1,14 @@
 package util

 import (
+	"crypto/tls"
 	"crypto/x509"
 	"io/ioutil"
 	"os"
 	"runtime"

 	"github.com/AdguardTeam/golibs/log"
+	"golang.org/x/sys/cpu"
 )

 // LoadSystemRootCAs - load root CAs from the system
@@ -45,3 +47,51 @@ func LoadSystemRootCAs() *x509.CertPool {
 	}
 	return nil
 }
+
+// InitTLSCiphers - the same as initDefaultCipherSuites() from src/crypto/tls/common.go
+//  but with the difference that we don't use so many other default ciphers.
+func InitTLSCiphers() []uint16 {
+	var ciphers []uint16
+
+	// Check the cpu flags for each platform that has optimized GCM implementations.
+	// Worst case, these variables will just all be false.
+	var (
+		hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
+		hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
+		// Keep in sync with crypto/aes/cipher_s390x.go.
+		hasGCMAsmS390X = cpu.S390X.HasAES && cpu.S390X.HasAESCBC && cpu.S390X.HasAESCTR && (cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
+
+		hasGCMAsm = hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X
+	)
+
+	if hasGCMAsm {
+		// If AES-GCM hardware is provided then prioritise AES-GCM
+		// cipher suites.
+		ciphers = []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+		}
+	} else {
+		// Without AES-GCM hardware, we put the ChaCha20-Poly1305
+		// cipher suites first.
+		ciphers = []uint16{
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		}
+	}
+
+	otherCiphers := []uint16{
+		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+	}
+	ciphers = append(ciphers, otherCiphers...)
+	return ciphers
+}